SlideShare ist ein Scribd-Unternehmen logo

Pursue container architecture with mincs

Yuki Nishiwaki
Yuki Nishiwaki

It's talking about container and MINCS which is the implementation of containerising software in pure shell script

Ingenieurwesen
1 von 19
Downloaden Sie, um offline zu lesen
Minimum Container environment Yuki Nishiwaki
What’s Container image#2 Linux Kernel image#1 process container A Warden LXC MINCS cgroupsnamespacenetfilter netlink process NW Isorated process Software to create container It’s just process be running on the same host as containerising software like docker. But that process called as container is isolated by the feature linux kernel provided than host machine. Docker is just one of the software to create/control isolated process(container) Root namespace
Docker !== Container $ docker ps docker-containerd-shim docker-containerd-shim docker-containerd-shim dockerd docker-containerd /var/run/docker.sock Docker
Bit interesting behavior of Docker
Docker try to ensure container status as config in init stop initialising running This container should start with such a configuration. If docker fail to ensure container as configuration like failing to bind port, docker restart to do initialisation process
Docker restart normal procedure port: 7000 port: 7000 port: 7001 port: 8080 port: 80 port: 7000 port: 7000 port: 7001 port: 8080 port: 80 running runningstop initilising initilising stop Restart running --restart --restart
Docker failed to start due to one of containers port: 7000 port: 7000 port: 7001 port: 8080 port: 80 runningstop initilising initilising Binding failed due to conflicting of port Container initialisation failed due to network error stop infinite $ docker ps --restart --restart I can’t “docker ps”, means docker control plane could be dead
If docker don’t respond 1. check if dockerd is restarting repeatedly 2. if yes, remove the existing resource (/var/lib/docker/volumes, networks...)
What’s MINCS ❖ Minimum Container Shellscripts ❖ Consisit of all pure shellscripts ❖ The number of all lines ➢ 3250 lines It’s easier to understand the basic consept than other container management tool How container is managed/created
How to install MINCS $ git clone https://github.com/mhiramat/mincs.git It was supposed to finish with this one line…..
Not working …... vagrant@vagrant:~/mincs$ sudo ./minc bash unshare: invalid option -- 'p' Usage: unshare [options] <program> [args...]
unshare command is needed to replace with other ~:$ git clone https://github.com/mirror/busybox.git ~:$ cd busybox ~/busybox:$ make config require the user to fill with many configuration items…. ~/busybox:$ make install ~/busybox:$ mv _install/bin /bin/busybox
Change minc-exec script as following diff --git a/libexec/minc-exec b/libexec/minc-exec index 834b4e0..a5a1b8c 100755 --- a/libexec/minc-exec +++ b/libexec/minc-exec @@ -174,4 +174,4 @@ cd / UNSHARE_OPT= # Enter new namespace and exec command [ "$MINC_NOPRIV" ] && UNSHARE_OPT=--map-root-user -$IP_NETNS unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@" +$IP_NETNS busybox unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@"
1. Try to create container $ sudo ./minc bash vagrant@vagrant-ubuntu-trusty:~/mincs$ sudo ./minc bash # <- enter in container mount: warning: /tmp/minc9215-334yCm/root/proc/sys seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/sysrq-trigger seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/irq seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/bus seems to be mounted read-only. root@vagrant-ubuntu-trusty:/# echo test >> test root@vagrant-ubuntu-trusty:/# cat /test test #<- There is /test files root@vagrant-ubuntu-trusty:/# exit exit #<- get out of container vagrant@vagrant-ubuntu-trusty:~/mincs$ cat /test cat: /test: No such file or directory # <- There is no /test file (directory tree is separated)
2. Try to use image management vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz mincs/marten: 1: mincs/marten: jq: not found # <- need jq package vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install jq vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz Importing image: ubuntu jq: error: Cannot index number with string parse error: Invalid numeric literal #<- This is bug… it can’t import the images to contain multiples # https://github.com/mhiramat/mincs/issues/8 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu_latest.tar.gz Importing image: ubuntu 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 …………. 9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images #<- it works
3. Try to create the container form images vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images ID SIZE NAME 06bd4c05b6dc 20K (noname) 72a988653a4a 84K (noname) 891a3a3af630 138M (noname) 9177e32309d1 16K (noname) 9d2e5c12a942 16K ubuntu vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/minc -r ubuntu bash mount: special device overlayfs does not exist #<- I need fix, somehow overlayfs is enabled since kernel 3.18 To reuse this, run: mincs/minc -t 3c94cdd1629d vagrant@vagrant-ubuntu-trusty:~/mincs$ uname -r 3.13.0-24-generic #<- not supported for overlayfs vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install linux-generic-lts-vivid linux-headers-generic-lts-vivid vagrant@vagrant-ubuntu-trusty:~$ reboot
3. Try to create the container form images root@vagrant-ubuntu-trusty:/home/vagrant/mincs# ./minc -r ubuntu mount: wrong fs type, bad option, bad superblock on overlayfs, missing codepage or helper program, or other error (for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program) In some cases useful info is found in syslog - try dmesg | tail or so root@vagrant-ubuntu-trusty:/home/vagrant/mincs# sudo dmesg | tail -f [ 1383.505546] overlayfs: failed to resolve '/var/lib/mincs/images/9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690/root:/var /lib/mincs/images/9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9/root:/var/lib/ mincs/images/06bd4c05b6dcfa6e669d02f4150b7842166a97ce536fbb0a98f66d2c4566c37e/root:/var/lib/mincs /images/72a988653a4a1802b617429efccfb972f0693fa6665fed9d27d912cc23590670/root:/var/lib/mincs/imag es/891a3a3af630e0853915722c47dc1a7002d2ea0218273456a12014fca609fc7d/root': -2 [ 1383.508533] overlayfs: missing upperdir or lowerdir or workdir In the case of overlayfs, we can’t use multiple base images with kernel version less than 4.0. since kernel 4.0, we can use multiple images as lowerdir.
In a nutshel Create container with no additaional image 1. rebuild latest busybox 2. correct minc-exec a little Import docker image 1. image should be single images ( it’s ok to consist of multiple images ) Create container from the image to be imported from docker 1. kernel version should be updated over 3.18 2. merge multiple images into one image if kernel version is less than 4 ← I added https://github.com/ukinau/mincs/commit/d94eb4fed4626e2f934a3ddc44912e8c2b28b269
Good articles The slide original developer - http://www.slideshare.net/mhiramat/mincs-containers-in-the-shell-script Can’t support multiple lowerlayers in overlayfs - http://queforum.com/unix-linux-basics/1008603-linux-how-use-multiple-lower-layers-overlayfs.html - http://stackoverflow.com/questions/31044982/how-to-use-multiple-lower-layers-in-overlayfs Support multiple lowerlayers in overlayfs since kernel 4.0 version - https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt

Empfohlen

JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
 
EC2
EC2EC2
EC2Igor Kapkov
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Develcz
 
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...Puppet
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
Docker command
Docker commandDocker command
Docker commandEric Ahn
 
Ubic
UbicUbic
UbicVyacheslav Matyukhin
 

Empfohlen

JDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachJDO 2019: Tips and Tricks from Docker Captain - Łukasz Lach
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
 
EC2
EC2EC2
EC2Igor Kapkov
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Develcz
 
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...
PuppetConf 2017: Use Puppet to Tame the Dockerfile Monster- Bryan Belanger, A...Puppet
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Lecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationLecture 3 Perl & FreeBSD administration
Lecture 3 Perl & FreeBSD administrationMohammed Farrag
 
Docker command
Docker commandDocker command
Docker commandEric Ahn
 
Ubic
UbicUbic
UbicVyacheslav Matyukhin
 
Making environment for_infrastructure_as_code
Making environment for_infrastructure_as_codeMaking environment for_infrastructure_as_code
Making environment for_infrastructure_as_codeSoshi Nemoto
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composerinovia
 
A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementLubomir Rintel
 
Instruction: dev environment
Instruction: dev environmentInstruction: dev environment
Instruction: dev environmentSoshi Nemoto
 
Linux Containers (LXC)
Linux Containers (LXC)Linux Containers (LXC)
Linux Containers (LXC)Vladimir Melnic
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin Davide Cioccia
 
DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)Soshi Nemoto
 
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)Sam Kim
 
DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)Soshi Nemoto
 
Dtalk shell
Dtalk shellDtalk shell
Dtalk shellMiha Mencin
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Sam Kim
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertorToshiaki Baba
 
Message queue demo
Message queue demoMessage queue demo
Message queue demoDataArt
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetWalter Heck
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptKenny (netman)
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)dantleech
 
Lecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentLecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentMohammed Farrag
 
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet
 
Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013Puppet
 
Docker practice
Docker practiceDocker practice
Docker practicewonyong hwang
 
Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Soshi Nemoto
 

Weitere ähnliche Inhalte

Was ist angesagt?

Making environment for_infrastructure_as_code
Making environment for_infrastructure_as_codeMaking environment for_infrastructure_as_code
Making environment for_infrastructure_as_codeSoshi Nemoto
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composerinovia
 
A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementLubomir Rintel
 
Instruction: dev environment
Instruction: dev environmentInstruction: dev environment
Instruction: dev environmentSoshi Nemoto
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin Davide Cioccia
 
DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)Soshi Nemoto
 
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)Sam Kim
 
DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)Soshi Nemoto
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Sam Kim
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertorToshiaki Baba
 
Message queue demo
Message queue demoMessage queue demo
Message queue demoDataArt
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetWalter Heck
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptKenny (netman)
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry managerToshiaki Baba
 
Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)dantleech
 
Lecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentLecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentMohammed Farrag
 
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet
 
Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013Puppet
 

Was ist angesagt? (20)

Making environment for_infrastructure_as_code
Making environment for_infrastructure_as_codeMaking environment for_infrastructure_as_code
Making environment for_infrastructure_as_code
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composer
 
A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service management
 
Instruction: dev environment
Instruction: dev environmentInstruction: dev environment
Instruction: dev environment
 
Linux Containers (LXC)
Linux Containers (LXC)Linux Containers (LXC)
Linux Containers (LXC)
 
NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin NAS Botnet Revealed - Mining Bitcoin
NAS Botnet Revealed - Mining Bitcoin
 
DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)DevOps(2) : Vagrant - (MOSG)
DevOps(2) : Vagrant - (MOSG)
 
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
도커 없이 컨테이너 만들기 4편 네트워크네임스페이스 (2)
 
DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)DevOps(3) : Ansible - (MOSG)
DevOps(3) : Ansible - (MOSG)
 
Dtalk shell
Dtalk shellDtalk shell
Dtalk shell
 
Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1 Make container without_docker_6-overlay-network_1
Make container without_docker_6-overlay-network_1
 
agri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertoragri inventory - nouka data collector / yaoya data convertor
agri inventory - nouka data collector / yaoya data convertor
 
Message queue demo
Message queue demoMessage queue demo
Message queue demo
 
PuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with PuppetPuppetCamp SEA 1 - Version Control with Puppet
PuppetCamp SEA 1 - Version Control with Puppet
 
Linux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell scriptLinux fundamental - Chap 14 shell script
Linux fundamental - Chap 14 shell script
 
nouka inventry manager
nouka inventry managernouka inventry manager
nouka inventry manager
 
Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)Exploring Async PHP (SF Live Berlin 2019)
Exploring Async PHP (SF Live Berlin 2019)
 
Lecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports DevelopmentLecture 6 Kernel Debugging + Ports Development
Lecture 6 Kernel Debugging + Ports Development
 
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
Puppet Camp Phoenix 2015: Managing Files via Puppet: Let Me Count The Ways (B...
 
Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013Puppet without Root - PuppetConf 2013
Puppet without Root - PuppetConf 2013
 

Ähnlich wie Pursue container architecture with mincs

Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Soshi Nemoto
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabMichelle Holley
 
How to make debian package from scratch (linux)
How to make debian package from scratch (linux)How to make debian package from scratch (linux)
How to make debian package from scratch (linux)Thierry Gayet
 
DCEU 18: Tips and Tricks of the Docker Captains
DCEU 18: Tips and Tricks of the Docker CaptainsDCEU 18: Tips and Tricks of the Docker Captains
DCEU 18: Tips and Tricks of the Docker CaptainsDocker, Inc.
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Ben Hall
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortalsHenryk Konsek
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Ben Hall
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Ricardo Amaro
 
Virtual Infrastructure
Virtual InfrastructureVirtual Infrastructure
Virtual InfrastructureBryan McLellan
 
Docker workshop
Docker workshopDocker workshop
Docker workshopEvans Ye
 
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierCarlos Sanchez
 
Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))Michele Orselli
 
Dockerfish-Tutorial
Dockerfish-TutorialDockerfish-Tutorial
Dockerfish-TutorialBrian Hood
 
Docker - A Ruby Introduction
Docker - A Ruby IntroductionDocker - A Ruby Introduction
Docker - A Ruby IntroductionTyler Johnston
 
Drone CI/CD 自動化測試及部署
Drone CI/CD 自動化測試及部署Drone CI/CD 自動化測試及部署
Drone CI/CD 自動化測試及部署Bo-Yi Wu
 

Ähnlich wie Pursue container architecture with mincs (20)

Docker practice
Docker practiceDocker practice
Docker practice
 
Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)Preparation study of_docker - (MOSG)
Preparation study of_docker - (MOSG)
 
DPDK in Containers Hands-on Lab
DPDK in Containers Hands-on LabDPDK in Containers Hands-on Lab
DPDK in Containers Hands-on Lab
 
How to make debian package from scratch (linux)
How to make debian package from scratch (linux)How to make debian package from scratch (linux)
How to make debian package from scratch (linux)
 
DCEU 18: Tips and Tricks of the Docker Captains
DCEU 18: Tips and Tricks of the Docker CaptainsDCEU 18: Tips and Tricks of the Docker Captains
DCEU 18: Tips and Tricks of the Docker Captains
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
 
Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant Automate drupal deployments with linux containers, docker and vagrant
Automate drupal deployments with linux containers, docker and vagrant
 
Virtual Infrastructure
Virtual InfrastructureVirtual Infrastructure
Virtual Infrastructure
 
Docker workshop
Docker workshopDocker workshop
Docker workshop
 
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next Frontier
 
Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
Dockerfish-Tutorial
Dockerfish-TutorialDockerfish-Tutorial
Dockerfish-Tutorial
 
Ubic-public
Ubic-publicUbic-public
Ubic-public
 
Docker perl build
Docker perl buildDocker perl build
Docker perl build
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
Docker - A Ruby Introduction
Docker - A Ruby IntroductionDocker - A Ruby Introduction
Docker - A Ruby Introduction
 
Drone CI/CD 自動化測試及部署
Drone CI/CD 自動化測試及部署Drone CI/CD 自動化測試及部署
Drone CI/CD 自動化測試及部署
 

Kürzlich hochgeladen

UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesPrabhanshu Chaturvedi
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 

Kürzlich hochgeladen (20)

UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 

Pursue container architecture with mincs

  • 2. What’s Container image#2 Linux Kernel image#1 process container A Warden LXC MINCS cgroupsnamespacenetfilter netlink process NW Isorated process Software to create container It’s just process be running on the same host as containerising software like docker. But that process called as container is isolated by the feature linux kernel provided than host machine. Docker is just one of the software to create/control isolated process(container) Root namespace
  • 3. Docker !== Container $ docker ps docker-containerd-shim docker-containerd-shim docker-containerd-shim dockerd docker-containerd /var/run/docker.sock Docker
  • 5. Docker try to ensure container status as config in init stop initialising running This container should start with such a configuration. If docker fail to ensure container as configuration like failing to bind port, docker restart to do initialisation process
  • 6. Docker restart normal procedure port: 7000 port: 7000 port: 7001 port: 8080 port: 80 port: 7000 port: 7000 port: 7001 port: 8080 port: 80 running runningstop initilising initilising stop Restart running --restart --restart
  • 7. Docker failed to start due to one of containers port: 7000 port: 7000 port: 7001 port: 8080 port: 80 runningstop initilising initilising Binding failed due to conflicting of port Container initialisation failed due to network error stop infinite $ docker ps --restart --restart I can’t “docker ps”, means docker control plane could be dead
  • 8. If docker don’t respond 1. check if dockerd is restarting repeatedly 2. if yes, remove the existing resource (/var/lib/docker/volumes, networks...)
  • 9. What’s MINCS ❖ Minimum Container Shellscripts ❖ Consisit of all pure shellscripts ❖ The number of all lines ➢ 3250 lines It’s easier to understand the basic consept than other container management tool How container is managed/created
  • 10. How to install MINCS $ git clone https://github.com/mhiramat/mincs.git It was supposed to finish with this one line…..
  • 11. Not working …... vagrant@vagrant:~/mincs$ sudo ./minc bash unshare: invalid option -- 'p' Usage: unshare [options] <program> [args...]
  • 12. unshare command is needed to replace with other ~:$ git clone https://github.com/mirror/busybox.git ~:$ cd busybox ~/busybox:$ make config require the user to fill with many configuration items…. ~/busybox:$ make install ~/busybox:$ mv _install/bin /bin/busybox
  • 13. Change minc-exec script as following diff --git a/libexec/minc-exec b/libexec/minc-exec index 834b4e0..a5a1b8c 100755 --- a/libexec/minc-exec +++ b/libexec/minc-exec @@ -174,4 +174,4 @@ cd / UNSHARE_OPT= # Enter new namespace and exec command [ "$MINC_NOPRIV" ] && UNSHARE_OPT=--map-root-user -$IP_NETNS unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@" +$IP_NETNS busybox unshare $UNSHARE_OPT -iumpf $LIBEXEC/`basename $0` "$@"
  • 14. 1. Try to create container $ sudo ./minc bash vagrant@vagrant-ubuntu-trusty:~/mincs$ sudo ./minc bash # <- enter in container mount: warning: /tmp/minc9215-334yCm/root/proc/sys seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/sysrq-trigger seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/irq seems to be mounted read-only. mount: warning: /tmp/minc9215-334yCm/root/proc/bus seems to be mounted read-only. root@vagrant-ubuntu-trusty:/# echo test >> test root@vagrant-ubuntu-trusty:/# cat /test test #<- There is /test files root@vagrant-ubuntu-trusty:/# exit exit #<- get out of container vagrant@vagrant-ubuntu-trusty:~/mincs$ cat /test cat: /test: No such file or directory # <- There is no /test file (directory tree is separated)
  • 15. 2. Try to use image management vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz mincs/marten: 1: mincs/marten: jq: not found # <- need jq package vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install jq vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu.tar.gz Importing image: ubuntu jq: error: Cannot index number with string parse error: Invalid numeric literal #<- This is bug… it can’t import the images to contain multiples # https://github.com/mhiramat/mincs/issues/8 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten import ubuntu_latest.tar.gz Importing image: ubuntu 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 …………. 9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9 9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690 vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images #<- it works
  • 16. 3. Try to create the container form images vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/marten images ID SIZE NAME 06bd4c05b6dc 20K (noname) 72a988653a4a 84K (noname) 891a3a3af630 138M (noname) 9177e32309d1 16K (noname) 9d2e5c12a942 16K ubuntu vagrant@vagrant-ubuntu-trusty:~$ sudo mincs/minc -r ubuntu bash mount: special device overlayfs does not exist #<- I need fix, somehow overlayfs is enabled since kernel 3.18 To reuse this, run: mincs/minc -t 3c94cdd1629d vagrant@vagrant-ubuntu-trusty:~/mincs$ uname -r 3.13.0-24-generic #<- not supported for overlayfs vagrant@vagrant-ubuntu-trusty:~$ sudo apt-get install linux-generic-lts-vivid linux-headers-generic-lts-vivid vagrant@vagrant-ubuntu-trusty:~$ reboot
  • 17. 3. Try to create the container form images root@vagrant-ubuntu-trusty:/home/vagrant/mincs# ./minc -r ubuntu mount: wrong fs type, bad option, bad superblock on overlayfs, missing codepage or helper program, or other error (for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program) In some cases useful info is found in syslog - try dmesg | tail or so root@vagrant-ubuntu-trusty:/home/vagrant/mincs# sudo dmesg | tail -f [ 1383.505546] overlayfs: failed to resolve '/var/lib/mincs/images/9d2e5c12a9428108649812c24645eba52c030507a74c891984b3fb7f218d7690/root:/var /lib/mincs/images/9177e32309d14441f30648db6ba1641800c79d959d63dddc0ab7da673cd6acd9/root:/var/lib/ mincs/images/06bd4c05b6dcfa6e669d02f4150b7842166a97ce536fbb0a98f66d2c4566c37e/root:/var/lib/mincs /images/72a988653a4a1802b617429efccfb972f0693fa6665fed9d27d912cc23590670/root:/var/lib/mincs/imag es/891a3a3af630e0853915722c47dc1a7002d2ea0218273456a12014fca609fc7d/root': -2 [ 1383.508533] overlayfs: missing upperdir or lowerdir or workdir In the case of overlayfs, we can’t use multiple base images with kernel version less than 4.0. since kernel 4.0, we can use multiple images as lowerdir.
  • 18. In a nutshel Create container with no additaional image 1. rebuild latest busybox 2. correct minc-exec a little Import docker image 1. image should be single images ( it’s ok to consist of multiple images ) Create container from the image to be imported from docker 1. kernel version should be updated over 3.18 2. merge multiple images into one image if kernel version is less than 4 ← I added https://github.com/ukinau/mincs/commit/d94eb4fed4626e2f934a3ddc44912e8c2b28b269
  • 19. Good articles The slide original developer - http://www.slideshare.net/mhiramat/mincs-containers-in-the-shell-script Can’t support multiple lowerlayers in overlayfs - http://queforum.com/unix-linux-basics/1008603-linux-how-use-multiple-lower-layers-overlayfs.html - http://stackoverflow.com/questions/31044982/how-to-use-multiple-lower-layers-in-overlayfs Support multiple lowerlayers in overlayfs since kernel 4.0 version - https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt